-rw-r--r--plugins/mod_admin_telnet.lua6
-rw-r--r--plugins/mod_register.lua5
-rw-r--r--plugins/mod_tls.lua4
-rw-r--r--plugins/mod_websocket.lua2
-rwxr-xr-xprosodyctl126
-rw-r--r--tests/util/logger.lua5
-rw-r--r--util-src/crand.c10
-rw-r--r--util-src/pposix.c2
-rw-r--r--util/adhoc.lua2
9 files changed, 90 insertions, 72 deletions
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index 3250e2ed..0913eb6d 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -1167,6 +1167,12 @@ function def_env.http:list()
return true;
end
+module:hook("server-stopping", function(event)
+ for conn, session in pairs(sessions) do
+ session.print("Shutting down: "..(event.reason or "unknown reason"));
+ end
+end);
+
-------------
function printbanner(session)
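Review bot: The loop variable `conn` in the added `server-stopping` hook is never used; `for _, session in pairs(sessions) do` states that and keeps luacheck quiet. `session.print` is also called unguarded for every console session. If one call raises (for example on a connection that is already closing, which this hunk does not show), the loop stops and the remaining sessions get no shutdown notice. Wrapping the call as `pcall(session.print, "Shutting down: "..(event.reason or "unknown reason"))` would make the broadcast best-effort.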
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index ee3f88ba..72e91368 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -21,6 +21,7 @@ local new_cache = require "util.cache".new;
local compat = module:get_option_boolean("registration_compat", true);
local allow_registration = module:get_option_boolean("allow_registration", false);
local additional_fields = module:get_option("additional_registration_fields", {});
+local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
local account_details = module:open_store("account_details");
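Review bot: `require_encryption` on the added line is read as `module:get_option(...) or module:get_option(...)`, so an explicit `c2s_require_encryption = false` falls through to the legacy `require_encryption` value, and any non-boolean value (such as the string "false") counts as true. The neighbouring options are read with `module:get_option_boolean` and a default; the same form here would be `local require_encryption = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));`. How the modules that enforce this policy at authentication time read the option is not visible here, so whichever form is chosen should match theirs, otherwise registration and login could disagree about whether encryption is required.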
@@ -83,7 +84,7 @@ module:hook("stream-features", function(event)
local session, features = event.origin, event.features;
-- Advertise registration to unauthorized clients only.
- if not(allow_registration) or session.type ~= "c2s_unauthed" then
+ if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then
return
end
@@ -213,6 +214,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
if not(allow_registration) or session.type ~= "c2s_unauthed" then
log("debug", "Attempted registration when disabled or already authenticated");
session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
+ elseif require_encryption and not session.secure then
+ session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required"));
else
local query = stanza.tags[1];
if stanza.attr.type == "get" then
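Review bot: The new `elseif require_encryption and not session.secure` branch replies with `policy-violation` but logs nothing, whereas the branch directly above logs before replying. A line such as `log("debug", "Rejected registration attempt over unencrypted connection");` would let operators see clients that try to register in cleartext. By the time this reply is sent, a `set` request has already carried the chosen password over the unencrypted stream, so the feature hiding in the `stream-features` hunk is what actually protects well-behaved clients; a short comment saying so would help the next reader. The handler's body continues outside the hunk.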
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 3903a760..fbeb344b 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -63,7 +63,9 @@ end
local function can_do_tls(session)
if not session.conn.starttls then
- session.log("debug", "Underlying connection does not support STARTTLS");
+ if not session.secure then
+ session.log("debug", "Underlying connection does not support STARTTLS");
+ end
return false;
elseif session.ssl_ctx ~= nil then
return session.ssl_ctx;
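Review bot: The new `if not session.secure` guard in `can_do_tls` has no comment explaining why a session without `starttls` may already be secure. A line such as `-- Already-encrypted sessions (e.g. TLS provided by another layer) have no starttls; only log for plaintext ones` would record the intent. The example is inferred from the mod_websocket change in the same commit. The function continues past the end of the hunk.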
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index c19ad566..47d170a1 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -136,6 +136,8 @@ function handle_request(event)
local request, response = event.request, event.response;
local conn = response.conn;
+ conn.starttls = false; -- Prevent mod_tls from believing starttls can be done
+
if not request.headers.sec_websocket_key then
response.headers.content_type = "text/html";
return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body>
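Review bot: `conn.starttls = false` is assigned before the `sec_websocket_key` check, so every request that reaches `handle_request` has the field overwritten on its connection, including plain HTTP requests that only receive the HTML page. Moving the assignment below the header check, or to the point where the connection is actually upgraded (outside this hunk), would limit the side effect to real WebSocket sessions. Replacing what is presumably a method with a boolean also means any caller that invokes `conn:starttls(...)` without testing the field first would fail with a call-on-boolean error. mod_tls tests it, but other callers are not visible here.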
diff --git a/prosodyctl b/prosodyctl
index 2115bc65..79ae1285 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -2,7 +2,7 @@
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
---
+--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
@@ -65,7 +65,7 @@ config = require "core.configmanager"
local ENV_CONFIG;
do
local filenames = {};
-
+
local filename;
if arg[1] == "--config" and arg[2] then
table.insert(filenames, arg[2]);
@@ -120,7 +120,7 @@ if custom_plugin_paths then
-- path1;path2;path3;defaultpath...
CFG_PLUGINDIR = table.concat(custom_plugin_paths, path_sep)..path_sep..(CFG_PLUGINDIR or "plugins");
end
-prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR,
+prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR,
plugins = CFG_PLUGINDIR or "plugins", data = data_path };
if prosody.installed then
@@ -161,7 +161,7 @@ if ok and pposix then
print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
end
end
-
+
-- Set our umask to protect data files
pposix.umask(config.get("*", "umask") or "027");
pposix.setenv("HOME", data_path);
@@ -212,7 +212,7 @@ if #unwriteable_files > 0 then
end
-local error_messages = setmetatable({
+local error_messages = setmetatable({
["invalid-username"] = "The given username is invalid in a Jabber ID";
["invalid-hostname"] = "The given hostname is invalid";
["no-password"] = "No password was supplied";
@@ -241,7 +241,7 @@ end
for hostname, config in pairs(config.getconfig()) do
hosts[hostname] = make_host(hostname);
end
-
+
local modulemanager = require "core.modulemanager"
local prosodyctl = require "util.prosodyctl"
@@ -290,30 +290,30 @@ function commands.adduser(arg)
show_usage [[adduser user@host]]
return 1;
end
-
+
if not host then
show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
return 1;
end
-
+
if not hosts[host] then
show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
show_warning("The user will not be able to log in until this is changed.");
hosts[host] = make_host(host);
end
-
+
if prosodyctl.user_exists{ user = user, host = host } then
show_message [[That user already exists]];
return 1;
end
-
+
local password = read_password();
if not password then return 1; end
-
+
local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
-
+
if ok then return 0; end
-
+
show_message(msg)
return 1;
end
@@ -329,30 +329,30 @@ function commands.passwd(arg)
show_usage [[passwd user@host]]
return 1;
end
-
+
if not host then
show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
return 1;
end
-
+
if not hosts[host] then
show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
show_warning("The user will not be able to log in until this is changed.");
hosts[host] = make_host(host);
end
-
+
if not prosodyctl.user_exists { user = user, host = host } then
show_message [[That user does not exist, use prosodyctl adduser to create a new user]]
return 1;
end
-
+
local password = read_password();
if not password then return 1; end
-
+
local ok, msg = prosodyctl.passwd { user = user, host = host, password = password };
-
+
if ok then return 0; end
-
+
show_message(error_messages[msg])
return 1;
end
@@ -368,12 +368,12 @@ function commands.deluser(arg)
show_usage [[deluser user@host]]
return 1;
end
-
+
if not host then
show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
return 1;
end
-
+
if not hosts[host] then
show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
hosts[host] = make_host(host);
@@ -383,11 +383,11 @@ function commands.deluser(arg)
show_message [[That user does not exist on this server]]
return 1;
end
-
+
local ok, msg = prosodyctl.deluser { user = user, host = host };
-
+
if ok then return 0; end
-
+
show_message(error_messages[msg])
return 1;
end
@@ -402,7 +402,7 @@ function commands.start(arg)
show_message(error_messages[ret]);
return 1;
end
-
+
if ret then
local ok, ret = prosodyctl.getpid();
if not ok then
@@ -413,7 +413,7 @@ function commands.start(arg)
show_message("Prosody is already running with PID %s", ret or "(unknown)");
return 1;
end
-
+
local ok, ret = prosodyctl.start();
if ok then
local daemonize = config.get("*", "daemonize");
@@ -441,8 +441,8 @@ function commands.start(arg)
end
show_message("Failed to start Prosody");
- show_message(error_messages[ret])
- return 1;
+ show_message(error_messages[ret])
+ return 1;
end
function commands.status(arg)
@@ -456,7 +456,7 @@ function commands.status(arg)
show_message(error_messages[ret]);
return 1;
end
-
+
if ret then
local ok, ret = prosodyctl.getpid();
if not ok then
@@ -489,7 +489,7 @@ function commands.stop(arg)
show_message("Prosody is not running");
return 1;
end
-
+
local ok, ret = prosodyctl.stop();
if ok then
local i=1;
@@ -519,7 +519,7 @@ function commands.restart(arg)
show_usage([[restart]], [[Restart a running Prosody server]]);
return 1;
end
-
+
commands.stop(arg);
return commands.start(arg);
end
@@ -530,14 +530,14 @@ function commands.about(arg)
show_usage([[about]], [[Show information about this Prosody installation]]);
return 1;
end
-
+
local pwd = ".";
local lfs = require "lfs";
local array = require "util.array";
local keys = require "util.iterators".keys;
local hg = require"util.mercurial";
local relpath = config.resolve_relative_path;
-
+
print("Prosody "..(prosody.version or "(unknown version)"));
print("");
print("# Prosody directories");
@@ -608,10 +608,10 @@ function commands.reload(arg)
show_message("Prosody is not running");
return 1;
end
-
+
local ok, ret = prosodyctl.reload();
if ok then
-
+
show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect.");
return 0;
end
@@ -621,6 +621,8 @@ function commands.reload(arg)
end
-- ejabberdctl compatibility
+local unpack = table.unpack or unpack; -- luacheck: ignore 113
+
function commands.register(arg)
local user, host, password = unpack(arg);
if (not (user and host)) or arg[1] == "--help" then
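Review bot: The added `local unpack = table.unpack or unpack;` sits between the `-- ejabberdctl compatibility` comment and `commands.register`, so the section comment now reads as if it described the shim. Moving the shim above that comment, or up with the other file-level locals, keeps the header attached to the commands it introduces. `commands.register` continues outside the hunk.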
@@ -641,11 +643,11 @@ function commands.register(arg)
return 1;
end
end
-
+
local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
-
+
if ok then return 0; end
-
+
show_message(error_messages[msg])
return 1;
end
@@ -665,9 +667,9 @@ function commands.unregister(arg)
end
local ok, msg = prosodyctl.deluser { user = user, host = host };
-
+
if ok then return 0; end
-
+
show_message(error_messages[msg])
return 1;
end
@@ -1010,7 +1012,7 @@ function commands.check(arg)
print(" Connections will fail.");
ok = false;
end
-
+
print("Done.\n");
end
if not what or what == "dns" then
@@ -1019,7 +1021,7 @@ function commands.check(arg)
local ip = require "util.ip";
local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222});
local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269});
-
+
local c2s_srv_required, s2s_srv_required;
if not c2s_ports:contains(5222) then
c2s_srv_required = true;
@@ -1027,11 +1029,11 @@ function commands.check(arg)
if not s2s_ports:contains(5269) then
s2s_srv_required = true;
end
-
+
local problem_hosts = set.new();
-
+
local external_addresses, internal_addresses = set.new(), set.new();
-
+
local fqdn = socket.dns.tohostname(socket.dns.gethostname());
if fqdn then
local res = dns.lookup(idna.to_ascii(fqdn), "A");
@@ -1047,9 +1049,9 @@ function commands.check(arg)
end
end
end
-
+
local local_addresses = require"util.net".local_addresses() or {};
-
+
for addr in it.values(local_addresses) do
if not ip.new_ip(addr).private then
external_addresses:add(addr);
@@ -1057,19 +1059,19 @@ function commands.check(arg)
internal_addresses:add(addr);
end
end
-
+
if external_addresses:empty() then
print("");
print(" Failed to determine the external addresses of this server. Checks may be inaccurate.");
c2s_srv_required, s2s_srv_required = true, true;
end
-
+
local v6_supported = not not socket.tcp6;
-
+
for jid, host_options in enabled_hosts() do
local all_targets_ok, some_targets_ok = true, false;
local node, host = jid_split(jid);
-
+
local is_component = not not host_options.component_module;
print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
if node then
@@ -1113,12 +1115,12 @@ function commands.check(arg)
if target_hosts:empty() then
target_hosts:add(host);
end
-
+
if target_hosts:contains("localhost") then
print(" Target 'localhost' cannot be accessed from other servers");
target_hosts:remove("localhost");
end
-
+
local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {})))
+ set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {})))
+ set.new({ config.get(host, "component_module") });
@@ -1137,7 +1139,7 @@ function commands.check(arg)
print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/").." record. Create one or set 'proxy65_address' to the correct host/IP.");
end
end
-
+
for host in target_hosts do
local host_ok_v4, host_ok_v6;
local res = dns.lookup(idna.to_ascii(host), "A");
@@ -1172,7 +1174,7 @@ function commands.check(arg)
end
end
end
-
+
local bad_protos = {}
if not host_ok_v4 then
table.insert(bad_protos, "IPv4");
@@ -1301,20 +1303,20 @@ if command and command:match("^mod_") then -- Is a command in a module
show_message("Failed to load module '"..module_name.."': "..err);
os.exit(1);
end
-
+
table.remove(arg, 1);
-
+
local module = modulemanager.get_module("*", module_name);
if not module then
show_message("Failed to load module '"..module_name.."': Unknown error");
os.exit(1);
end
-
+
if not modulemanager.module_has_method(module, "command") then
show_message("Fail: mod_"..module_name.." does not support any commands");
os.exit(1);
end
-
+
local ok, ret = modulemanager.call_module_method(module, "command", arg);
if ok then
if type(ret) == "number" then
@@ -1362,8 +1364,8 @@ if not commands[command] then -- Show help for all commands
done[command_name] = true;
end
end
-
-
+
+
os.exit(0);
end
diff --git a/tests/util/logger.lua b/tests/util/logger.lua
index c133e332..44860d5d 100644
--- a/tests/util/logger.lua
+++ b/tests/util/logger.lua
@@ -14,7 +14,8 @@ local tostring = tostring;
local getstyle, getstring = require "util.termcolours".getstyle, require "util.termcolours".getstring;
local do_pretty_printing = not os.getenv("WINDIR");
-module "logger"
+local _ENV = nil
+local _M = {}
local logstyles = {};
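Review bot: With `module "logger"` replaced by `local _M = {}`, the file has to end in `return _M` for `require` to hand back the table; that line is in neither hunk of this file, so please confirm it exists. `local _ENV = nil` also turns any global access in the rest of the file into an error on Lua 5.2+. Every global used by the closure returned from `_M.init` (second hunk) therefore has to be localised above this line, as `tostring` is. The closure body continues past the hunk and cannot be checked from here.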
@@ -25,7 +26,7 @@ if do_pretty_printing then
logstyles["error"] = getstyle("bold", "red");
end
-function init(name)
+function _M.init(name)
--name = nil; -- While this line is not commented, will automatically fill in file/line number info
return function (level, message, ...)
if level == "debug" or level == "info" then return; end
diff --git a/util-src/crand.c b/util-src/crand.c
index cc2047eb..f3fa00ea 100644
--- a/util-src/crand.c
+++ b/util-src/crand.c
@@ -67,6 +67,11 @@ int Lrandom(lua_State *L) {
arc4random_buf(buf, len);
ret = len;
#elif defined(WITH_OPENSSL)
+ if(!RAND_status()) {
+ lua_pushliteral(L, "OpenSSL PRNG not seeded");
+ return lua_error(L);
+ }
+
ret = RAND_bytes(buf, len);
if(ret == 1) {
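Review bot: The added `RAND_status()` guard has no comment saying why it precedes `RAND_bytes()`, which is itself checked on the following lines. A line such as `/* Fail closed: never hand out bytes from an unseeded OpenSSL PRNG */` would record the intent, and would also explain why the Windows seeding TODO is dropped from `luaopen_util_crand` in the third hunk. The failure is raised as a Lua error rather than returned, so callers cannot accidentally ignore it. How the other backends in `Lrandom` report failure is outside the hunk, so it is worth checking that the error style matches.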
@@ -87,6 +92,7 @@ int luaopen_util_crand(lua_State *L) {
#if (LUA_VERSION_NUM > 501)
luaL_checkversion(L);
#endif
+
lua_newtable(L);
lua_pushcfunction(L, Lrandom);
lua_setfield(L, -2, "bytes");
@@ -100,10 +106,6 @@ int luaopen_util_crand(lua_State *L) {
#endif
lua_setfield(L, -2, "_source");
-#if defined(WITH_OPENSSL) && defined(_WIN32)
- /* TODO Do we need to seed this on Windows? */
-#endif
-
return 1;
}
diff --git a/util-src/pposix.c b/util-src/pposix.c
index 5e21be56..10edbd71 100644
--- a/util-src/pposix.c
+++ b/util-src/pposix.c
@@ -615,7 +615,7 @@ int lc_getrlimit(lua_State *L) {
return 2;
}
} else {
- /* Unsupported resoucrce. Sorry I'm pretty limited by POSIX standard. */
+ /* Unsupported resource. Sorry I'm pretty limited by POSIX standard. */
lua_pushboolean(L, 0);
lua_pushstring(L, "invalid-resource");
return 2;
diff --git a/util/adhoc.lua b/util/adhoc.lua
index 671e85cf..17c9eee5 100644
--- a/util/adhoc.lua
+++ b/util/adhoc.lua
@@ -22,7 +22,7 @@ local function new_initial_data_form(form, initial_data, result_handler)
return result_handler(fields, err, data);
else
return { status = "executing", actions = {"next", "complete", default = "complete"},
- form = { layout = form, values = initial_data() } }, "executing";
+ form = { layout = form, values = initial_data(data) } }, "executing";
end
end
end
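Review bot: `initial_data` is now called with `data`, which changes the callback contract of `new_initial_data_form`, but nothing in the hunk documents it. A comment above the function such as `-- initial_data(data) receives the handler's data argument and must return the form's initial values` would make the contract explicit. Existing callbacks that take no arguments keep working, because Lua discards extra arguments. What `data` contains is not visible here; if any of its fields originate from the requesting entity, callbacks should validate them before using them to build form values. The function starts outside the hunk.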